'Beta Bot' Banking Trojan Disables Your Security

Below:

Next story in Tech and gadgets

A recently discovered piece of malware called Beta Bot started
out as a humble Web-page automated script, but over the last five
months, it has evolved into a credible threat that will do
whatever's necessary to survive.

Now an invasive banking Trojan, the new and improved Beta Bot can
block anti-virus software, security websites and even other
malware in its quest to steal user information and share it with
hackers.

The Trojan — which has targeted large banks, social networking
sites and online payment platforms — can’t do anything without a
victim's direct approval. The program takes the curious step of
displaying a pop-up that resembles an official Windows message
box, asking whether a user wants to allow the "Windows Command
Processor " to modify its computer.

If users say no, the program never activates. If they say yes,
however, they've effectively given hackers permission to steal
their information. The program automatically downloads malicious
files online, spreads itself via Skype or USB hookups, and
redirects users to hacked websites.

Once on an infected machine, Beta Bot takes whatever information
it pleases and reroutes it to a database, where hackers can
access it. Trying to remove the
Trojan is a tricky proposition, as it can detect which
antivirus programs a user has installed and block them from
running or receiving updates.

Beta Bot can even compile a list of websites that provide
anti-virus software and prevent a user from ever reaching them.
The program does not even tolerate other malware, which might
steal some of its precious bandwidth. Instead, it shuts down all
competing malware programs while it steals information.

Despite its potentially devastating skill set, Beta Bot has yet
to pick up much popularity in the cybercriminal underground,
according to the Boston-area security-verification firm RSA's
Speaking of Security
blog. Researcher Limor S. Kessem has discovered that the
program's uses are a little too broad for focused bank criminals,
and that the program doesn't allow much modification from hackers
who purchase it.

Unless you run a bank or a large financial site, you're unlikely
to encounter the Beta Bot, but its lessons apply to everyday
users as well. Windows Command Processor is a default Windows
process, so it would not require user permission to run; this
request should be immediately suspicious. [See also: 8
Simple Tips for Securing Your Computer ]

If your computer is compromised by malware that prohibits visits
to security websites, it's always possible to download the latest
updates (or even a whole new program) on another computer and
transfer it via a thumb drive. Just remember to thoroughly format
the thumb drive afterward; malware can be
sneaky.

At its core, Beta Bot is still a fairly run-of-the-mill Trojan,
and a regular malware or anti-virus sweep will eliminate it. That
said, it's evolved considerably in only six months, and the next
six may make it even more dangerous.